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(54) Authentication method and authentication device for secured communications between an 
ATM mot)ile terminal and an ATli/l access node of a wireless ATIM radio communication 
networic 



(57) A mobile terminal (MT) sets up a wireless ATM 
radio communication connectbn (WGC) to an access 
node (AN) of a wireless ATM radio communication net- 
work (WATM). On the communication connection 
(WGC) a seaet communication key (CK) is used whk:h 
has been agreed upon by the ATM access node (AN) nd 
the ATM mobile terminal {Ml). Once the operating com- 
munlcation connection (WCC) is established, the 
noobile terminal (MT) can request authentication infor- 
mation (AI) from the security server (SSD) located in the 
(WATM) system or another network (FN) connected to 

Rg.3 



the access node (AN), tf after setting up the communi- 
cation connection (WCC) the authentication information 
(AI) Is received in a predetermined ^me period at said 
access node (Afvl) , the mobile terminal is authenticated 
at the access node (AN). Since the communication 
channel (WGC) is always setup before tiie autherrtica- 
tion procedure, also security fmctions from other inter- 
connected networks can be accessed and thus a high 
level of confidentiality as well as security can be main- 
tained. 
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Description 

Field of the Invention 

[0001 ] The invention relates to a method for setting up s 
a secured communication t}etween an ATM mobile ter- 
minal and an ATM access node of a wireless ATM radio 
communication network. Furthermore, the invention 
relates to an authentication device for such a wireless 
ATM radio communication network The invention also w 
relates to the ATM access node of such a wireless ATM 
radto communication network. Furthermore, the inven- 
tion relates to an ATM mobile terminal usable within 
such a wireless ATM radio communication network. 
[0002] In wireless ATM radio communication net- is 
works, generally two steps must be performed in order 
to connect an ATM mobile terminal to an ATM access 
node, namely an autiientication step where authentica- 
tion information is exchanged between the mobile termi- 
nal and the access node, and a second step in which 20 
the wireless connection is set up and in which a secret 
cqphering key is agreed upon (which is used in an 
encryption procedure to encrypt the data to be transmit- 
ted) such that the wireless ATM connection has a high 
degree of confidentiality. The exchange of authentica- ss 
tion information and the setting up of the wireless con- 
nection >with the agreed conf kientialrty key requires the 
exchange of signals b^een the mobile terminal and 
the access node according to a predefined protocol. 
[0003] Some protocols alk>w the exchange of the 30 
shared authentication information prior to setting up tiie 
wireless connection with the session key. However, as 
will be explained below, there are some protocols a ses- 
sion needs to k>e first estat}lished and only then the 
seaet shared authentication information can be made 3s 
available. This drawback is very significant, if for exam- 
ple a first signaling protocol is used on tiie wireless link 
t>etween the mobile terminal and the access node and 
another protocol is used between the access node of 
the ATM communication network and an access node of 40 
other interconnected fixed network. 
[0004] The invention in particular relates to the estat>- 
lishment of a secure ATM wireless connection between 
the ATM mobile terminal and the ATM access node for 
the casetrwhere different signaling protocols are used. 45 

Backorpund of the Invention 

[0005] Wireless ATM systems are currentiy standard- 
ized within both the ETSI project BRAN and the ATM so 
Forum Wireless ATM group. Exarrples of such wireless 
ATM systems are for example an ATM wireless access 
communication system (AWACS system), a wireless 
professional and reskiential multimedia applications 
(MEDIAN application) for indoor customer premises ss 
networks, tiie Magic WAND demonstrator (wireless 
ATM network demonstrator) for indoor and outdoor 
applk:ations in customer premises and pxMc networks. 



the SAMBA system, an ATM based mobile system like a 
broadband mobile communication for multimedia on 
ATM-t>asis supported by tiie German Minista^y for 
Research and Education, or a high performance radio 
local area network (HIPERLAN system) etc. 
[0006] Each of tiie aforementioned wireless ATM sys- 
tems is defined for specific different application areas. 
Some of ttiem are for exanple designed for wireless 
local area networks (LANs) or to the extension or 
replacement of fixed LANs. Otfier systems are specifi- 
cally designed for broadband access (e.g. to UMTS or 
to the GSM or GPRS core networks) or to point-to- 
multipoint systems. 

[0007] A general configuration of interacting networks 
including wireless ATM systems is shown in the 
attached Rg. 1a. Such systems are currently investi- 
gated in the aforementioned standardizing committees. 
As is seen in Rg. la. several different types of networks 
are interconnected through access nodes AN (also 
called access points). The network A may be provkied 
for fixed wireless corrponents communicating tiirough a 
wireless channel (e.g. through fixed wireless U\Ns arvJ 
a network access via microwave links). The network B 
may corrprise mobile end users communicating directiy 
witti the fixed network switching elements (e.g. digital 
cellular telephony. PCS, wireless LAN). The networks C, 
D may represent mobile switches with fixed end users 
where the end users have a fixed connection (either 
wired or wireless) to a switch. The switch and the end 
user, as a unit, are mobile, with the switch having a 
wired or wireless connection to fixed network switching 
elements (e.g. to a fixed network on board of a passen- 
ger plane, military aircraft or navel vessel). Further- 
more, in tiie network D mobile switches with mobile end 
users may be provided, i.e. the mobile terminals estab- 
lish connections with switches which are themselves 
mobile and which ttien establish a connection to a fixed 
network, as is the case ag. in LEO satellite t>ased 
switching to mobile stations, wireless end user devices; 
wireless connection to mobile switches on emergency 
or military vehicles). Another exarrple is shown at E. 
which is summarized as wireless ad hoc networks. 
IHere, wireless networks are provided, when there is no 
access node available (e.g. laptops gathered together in 
a business conferencing environment). It also considers 
cases where access nodes cannot be placed at art>i- 
trary locations and where plug-and-play and network 
flexibility are important oonskferations (e.g. for a resi- 
dential user). This requirement can be met by support- 
ing auto-configuration of a wireless ATM network. Both 
mokMie end users and fixed wireless en6 users are pos- 
sit)le. Ad hoc networks can also extend the coverage of 
existing access-node-orientated networks by wireless 
means by use of forwarding nodes, which act as inter- 
mediate relay points (transfer nodes) and fonward ATM 
packets from one WATM radio frequency to another 
WATM radio frequency. It is envisaged that in the initial 
stage a wireless ATM system will use an operating fre- 



2 



3 



EP0 939 571 A1 



4 



quency of 5 GHz and a available user data rate of 25 
Mbit/s. The estimated cell range will be between 30 - 50 
m irtdoors and 200 - 300 m outdoofs. 
[0008] As shown in Rg. 1 a, there are various possibil- 
ities how mobile ATM (asynchronous transmission s 
mode) network may be interconnected through the 
access nodes AN and, since the communication con- 
nections are ATM connections and are wireless, the 
security aspect is an important consideration in such a 
network architecture. In particular, the interoperabilrty io 
with security mecfianisms of other networks is an 
important aspect. Also simplicity of upgrading and add- 
ing new functionalities is very important, especially as it 
is impossible to prove that any of the existing practical 
cryptosystems cannot be broken in future, due to the is 
progress in mathematical theory and development of 
new more efficient algorithms. 
[0009] Therefore, as explained atx>ve, several steps 
have to be performed before a secure ATM connection 
in the wireless ATM communication network can be 20 
guaranteed. This will be explained below with reference 
to Fig. lb and Rg. 2. 

r 

Conventional authentication procedure 

25 

[001 0] Fig. 1 b shows a simplified network configura- 
tion according to Fig. 1a for explanation purposes. Rg. 
1b represents a typical case when the wireless ATM 
system is a wireless LAN or a broadband access sys- 
tem, where it is desirat>le that a wireless ATM radio conrh 30 
munication network WATM Is to be connected to a f ixed 
non-ATM system, for example to an Ethernet via access 
nodes AN of the WATM system and the FN system. Typ- 
ically, the Ethemet only supports one secure associa- 
tion establishment protocol. 35 
[0011] However, in Rg. lb the Ethernet is only taken 
as an example for the non-ATM fixed network and it may 
be useful to connect a general wireless ATM radio com- 
munication network WATM to a network system through 
access nodes AN, wherein the network system can per- 40 
form different secure association establishment proce- 
dures. Of course, this implies that a signaling gateway is 
established between the network system and the WATM 
system. 

[001 2] As is also shown in Rg. 1 b, a wireless commu- 45 
nication connection WCC is set-up between the ATM 
mobile terminal MT and the ATM access node AN and 
the ATM signaling is thus terminated in the access node 
AN. It is generally difficult to design servk;es within the 
WATM system if these services shoukJ rely on functions so 
and services in the fixed networks exactly because the 
ATM signaling is terminated in the access point AN. 
[0013] With the access node AN dearly being the 
enfry point into the WATM system, it is obvious that the 
access node AN has to be protected against fraudulent ss 
and accidental misuse, such that not any sut)scriber can 
have access to the WATM system. As explained before, 
this is done by a two step mechanism, namely an 



authentication mechanism where the nDobile station MT 
and the access node AM must recognize each other, 
and a second step where enayption methods are used 
on tiie radio link to provide a confidentiality level on the 
radio link. Thus, not any arbitrary sitecriber station SS, 
for example from the fixed network SN, shoukJ gain an 
access and should be supported in the WATM system, 
but only such subscriber stations for mobile stations 
which are recognized by the WATM system. 
[001 4] When a mobile terminal MT desires an access 
to the WATM system or requires a registration, the fol- 
lowing two types of registrations can be distinguished: 

1 . The access node AN and the ATM mobile termi- 
nal MT must possess a seaet authentication infor- 
mation Al and the authentication information must 
be the same in the access node AN and in the 
nrK)bile terminal MT. Such an authentication infor- 
mation may typically be an authentication key or a 
challenge^response information. 

2. The ATM mobile terminal MT and the access 
node AN "don't know each other"; i.e. they cannot 
recognize each other. 

[0015] In both cases, communication keys (encryp- 
tion/decryption keys) have to be generated and 
exchanged between the nrx>bile terminal MT and the 
access node AN in any case. These communication 
keys CK are used to achieve a confidentially of tiie infor- 
mation transmitted on the wireless ATM connection. 
Protocols which are used to generate and exchange 
such comnunication keys CK are generally called "Vey 
agreement protocols" and in existing networks like 
GSM. DECT, IS-54, IS 95 and CDPD. ttiey are com- 
bined with the subscriber authentication, thus buikiing a 
so-called "atomic authentication and key agreement 
(AKA) protocol". 

[001 6] Generally, there are two categories of AKA pro- 
tocols that can be used for setting ip the communica- 
tion between the ATM mobile terminal MT and the ATM 
access node AN. Namely, the first category comprises 
for example the usage of the Diffie-Hellman encrypted 
key exchange (DH-EKE) protocol or the simple key 
exponential key exchange (SPEKE) protocol (see e.g. 
reference [1]: B. Schneier. "Applied Cryptography, Sec- 
ond Edition, Wiley, 1992" and reference [2]: D. Jablon 
"Strong Passwork only Autiienticated Key Exchange. 
ACM Computer Communication Review, October 
1996"). A typical flow chart of how a secured communi- 
cation between ATM mobile terminal MT and an ATM 
access node AN of a wireless ATM radio communica- 
tion network WATM using this kind of protocol is 
achieved, is illustrated in Rg. 2. 
[0017] In Rg. 2, the mobile terminal MT and the 
access node AN exchange authentication information in 
step ST2 after starting the setup procedure in step ST1 . 
In STB it is checked whether the mobile terminal MT and 
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the access point AP recognize each other, i.e. whether 
the access node AN have stored an authentication Infor- 
mation which coincides with that sent by the rnobi\e ter- 
minal MT K this is not so, "N" in step ST3, the exchange 
of authentication information is repeated in step ST2. If 5 
the mobile terminal MT and the access point AM use 
the same authentication Information, in step ST3, 
then the MT and the access node AN agree on a 
secrete ciphering key in step ST4 (using the AKA proto- 
col). If MT/AN have agreed on a secret session key w 
(communication or ciphering key) in step ST4, then a 
secure wireless ATM communication connection WCC 
has been estak)lished and the usual communication sig- 
naling protocol for information transfer can be setip in 
step ST5. The setup procedure comes to an end in step 15 
ST6. 

[001 8J Therefore, using the conventional Diffie or Dlf- 
fie-Hellman encrypted key exchange (DH-EKE) or the 
simple key exponential key exchange (SPEKE) proto- 
col, the authentication information Al is in fact estat>- 20 
lished before completing the AKA protocol. However, 
there is a second category of AKA protocols, where the 
secret shared autiientication information is not ayailat)le 
before setting up the wireless communication connec- 
tion WCC based on the agreed session encryption 25 
keys. That is, using protocols of the second category 
means tfiat the shared authentication information only 
becomes available after, the secured communication 
connection has been set up. 

[0019] As is illustrated in Rg. 1b, the situation 30 
t>ecomes et/en more dff icult if different signaling proto- 
cols are used on the wireless ATM convnunication con- 
nection WCC between the mobile terminal MT and the 
access node AN (i.e. an WATM signaling) and t>etween 
the access node AN of the WATM network and the as 
access nodes AN of the fixed networks SN, for example 
an internet signaling or an UMTS signaling. That is. if 
the access of the AN of the WATM communication net- 
work should be flexible enough to interconnect to differ- 
ent signaling protocols (for exanrpi e intemet signaling or 40 
UMTS signaling) then different authentication proce- 
dures or different AKA protocols may have to be used 
dependent on the used protocol between the ATM sys- 
tem and the fixed network FN. Therefore, sometimes 
the category 1 AKA protocol may have to be used and 45 
some times ttie category 2 AKA protocol may have to be 
used. Thus, in some cases the authentication informa- 
tion may not t>e availat)le before setting up the 
encrypted ATM wireless communication connection 
WCC. 50 

Summary of the Invention 

[0020] As desaibed above, the problem with setting 
up ATM wireless communication connections between 55 
a ATM nrx>blle terminal and a ATM access node essen- 
tially resides in the fact, that either different kinds of AKA 
protocols are to be set up to the access node or that In 



fact the authentication information is not available prior 
to conpleting the AKA protocol. 
[0021 ] Therefore, the object of the present invention is 
to provide a metiiod, an autiientication device, an ATM 
access node, an ATM nrx>bile terminal as well as a ATM 
communication system, in which a secure communica- 
tion between a ATM mobile terminal and an ATM access 
node can be established. 

[0022] A secure communication is preferably to be 
established even if the authentication information is not 
available when completing the protocol or if various dif- 
ferent AKA protocols are to be used on tiie access node 
or if security mechanems of other interconnected net- 
works are to be used. 

Solution of ttie Qb[ect 

[P023] Essentially this object is solved by a method for 
setting up a secured communication between an ATM 
mobile tenminal and an ATM access node of a wireless 
ATM radio communication networK comprising the step 
of setting up a wireless ATM radio comnrunication con- 
nection between said ATM mobile terminal and said 
ATM access node without performing an autiientication 
information checking procedure therebefore, wherein 
an information exchange on said wireless ATM radio 
communication connnection is performed by using a 
secret communkjation key agreed upon by said ATM 
access node and said ATM mobile terminal. 
[0024] Furthermore, this object is solved by an 
authentication device, in particular for a wireless ATM 
radio communication network, comprising, an authenti- 
cation Information storage means for storing a plurality 
of authentication informations each corresponding to a 
respective ATM nrK)k>ile terminal served by a wireless 
ATM radk) communicatbn networK and an authentica- 
tion infomnatk}n transmisssion means for Issuing an 
authentication information in reponse to receiving an 
authentication information request from an ATM rndbWe 
terminal after a ATM wireless radio comnrunication con- 
nection has b>een setup between sakl requesting ATM 
mobile terminal and said ATM access node using a 
secret communk^ation key agreed upon by said ATM 
access node and said ATM nx)bile terminal. 
[P025] The object is also solved by an ATM access 
node of a wireless ATM communteatwn network for set- 
ting up a secured wireless ATM comnrunication connec- 
tion to an ATM mobile terminal, said ATM access node 
comprising, a setup means for setting up a wireless 
ATM radio communication connection to said ATM 
motile terminal wittiout performing an autiientication 
information checking procedure therebefore. a secret 
communication key storage means for storing a seaet 
communication key used by said ATM mobile temninal 
and said ATM access node for performing wireless ATM 
communications. 

[0026] Furthermore, the object is solved by an ATM 
mobile terminal for setting up a secured communication 
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to an ATM access node of a wireless ATM communica- 
tion networK comprising, a setup means for setting up a 
wireless ATM radio communication connection to said 
ATM access node without performing an authentication 
information checking procedure therebefore, a secret 5 
communication key storage means for storing a secret 
communication key used by said ATM mobile terminal 
and said ATM access node for performing wireless ATM 
communications. 

[0027] Finally, the object is also solved by an ATM 10 
wireless communication network according to claim 32. 
[0028] The basic idea of the invention is to provide 
user chosen confidenttaltty level on the radio link t>y 
means of setting up a secure association between the 
WATM access node and the wireless ATM mobile termi- is 
nal without using an authentication as a first step. That 
is, according to the invention, a wireless ATM radio com- 
munication connection is established by agreeing upon 
a secret communication key CK between the ATM 
access node and the ATM wdbWe terminal, wherein no 20 
authentication information checking procedure is per- 
formed therebefore. 

[0029] Anotiier aspect of the invention is that once the 
secured wireless ATM radio communication connection 
has been established between the mobile terminal and ^ 
the access node, the mobile terminal tries to get the 
secret shared authentication information by use of 
higher level protocols communication from an authenti- 
cation device provided in the wireless ATM communica- 
tion network or provided in a network which is 30 
connected to the access node (with which the mobile 
terminal has setup the secure ciphered communication 
link) through a signalling path. This authentication 
device comprises an authentication information search 
means for storing a plurality of authentication informa- 35 
tions each corresponding to a respective ATM mobile 
terminal served by said wireless ATM radio commmica- 
tion network. When the ATM comnwnication connection 
has been set up. the mobile terminal requests an 
autiientication information from this authentication 40 
device arxJ only then an authentication procedure is 
performed at the access node with the authentication 
information being provided by the authentication device. 
[0030] Anottier aspect of the inventfon is tiiat the 
mobile terminal must receive the secret shared authen- 45 
tication information from the authentication device 
within a predefined period or within a period wfiich has 
been negotiated between the mobile terminal and the 
access node. If the mobile terminal receives the secret 
shared authentication information within this period, so 
then it either authenticates itself at the access node or 
this task is being taken care of by the authentication 
device which initially provided the authentication infor- 
mation. 

[0031] If the time runs out. i.e. if the mobile terminal ss 
cannot authenticate itself at the access node within the 
predefined time perkxf. then the already settp wireless 
ATM radio communication connection is interrupted 



(cbsed) and information regarding the mobile terminal 
(which has unsuccessfully attempted an authentication) 
is stored in the access node. Preferably, if the same 
rnctoWe terminal has already failed an authentication a 
predetermined number of times, then further access 
requests from this mobile terminal are immediately 
rejected by the access node. 

[0032] Preferattly. before the authentication procedure 
is performed at the access node, the mot)ile terminal 
(the user) can choose a predetermined communication 
key (confidentiality level) to be used on the wireless 
ATM comnunication connection. Thus, the user or the 
user application itself can choose the degree of confi- 
dentiality which it desires on the wireless communica- 
tion connection. 

[0033] If the autiientication device is located or part of 
the WATM system a signalling path is established 
tiirough the access node to tiie authentication device in 
order to request the authentication information. This 
information is then preferably transferred back to the 
mobile terminal through tiie already setup ciphered 
communication link. 

[0034] If the authentication device is located or part of 
anotiier network connected to the access node via a 
comnunication link, depending on the type of WATM 
network and the type of the connected network, a sig- 
nalling path is setup to the autiientication device 
through the access node to request tiie authentication 
infomiation. Preferably, this authentication information 
is again transferred back to the nrx)bile terminal along 
the already setup communication (dphered) channel. 
[0035] Furtiier advantageous embodiments and 
irrprcvements of tiie invention may be taken from the 
dependent claims. Hereinafter, tiie invention will be 
described with reference to its advantageous embodi- 
ments and the attached drawings. 

Brief Description off the Drawings 

[0036] In the drawings: 

Rg. 1a shows a principle overview of possit>le net- 
work configurations including a wireless 
ATM network; 

Rg. lb shows an example where a wireless ATM 
system WATM is connected to a fixed net- 
work FN through access nodes AN; 

Rg. 2 shows a conventional metiiod to setip a 
secured communication between ATM 
mobile terminal and an ATM access node; 

Rg. 3 shows an authentication device BSD, an 
access node AN and a mobile terminal MT 
according to the invention; 

Rg. 4 shows a principle flowchart of the method 
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according to the invention; 

Fig. 5 shows a more detailed flowchart of setting 
up a secured communication according to 
the invention. s 

Principle of the Imyention 

[0037] As explained before, one of the big disadvan- 
tages of the existing secret-based AKA protocols Is that 
the shared authentication information has to be estab- 
lished between the mobile terminal MT and the access 
node AN prior to completing the protocol. However, 
when different signaling protocols are used on the wire- 
less link between the mobile terminal MT and the 
access node AN (WATM signaling) and between the 
access node AN and other fixed network nodes, (e.g. 
internist signaling) then the setup of shared secret 
knowliedge prior to secure association might be 
extremely difficult. This happens also when the access 
node AN is not connected to a fixed ATN network. In 
such case, some protocols might be used (e.g. Drffie- 
Heilman) to buiki out a temporary security association 
between AN and NT. i.e. to setup shared secret keys for 
radio jink encryption. After setting a secure channel a 
regular end-to-end authentication might be dona 
[0038] According to the invention a method is estat>- 
lished that provkies a user chosen oonfklentiality level 
on the radk) link by means of setting up a secure asso- 
ciation between the WATM access point and the wire- so 
less ATM terminal without any authentication in the first 
run. After the secure association has been established, 
for example using an unauthenticated variant of the 
conventional protocol, the mobile tenninal MT tries to 
get the secret shared authentication information by as 
communicating with an authentication devk:e (also 
called a security server) in the WATM network (or in fact 
in an interconnected f ixed networl^ through a comnrtuni- 
cation (signalling) channel setup means of a higher level 
protocol. The transfer of the authentk:atk>n infomnation 40 
then takes place along the already setup dphered com- 
munication channel. 

[0039] If the mobile terminal gets to secret shared 
authentication informatfon within a predefined or negoti- 
ated period, it performs an authentication itself at the 4s 
access node AN. This authentication procedure can be 
accomplished using either an authenticated variant of 
the flexible AKA protocol or other mechanisms. Other- 
wise, the respective timer in the access node AN runs 
out and the access AN closes to wireless connected to so 
the nx)bile terminal MT. Attacks of fraudulent or acci- 
dental misuse can be prevented to some extent by stor- 
ing the MAC address or other suitable information about 
the mobile terminal MT within the access point AN. After 
N unsuccessful connection setups further access ss 
requests from this nfK>bile terminal MT are immediately 
rejected by the access node AN. 
[0040] Therefore, whilst all AKA protocols in the prior 



art use an authentication procedure before setting up 
the actual wireless ATM communfoation connection, 
one of the basic principles of the invention is based on 
the kiea to first setup the wireless ATM communication 
between the nrtot^ile terminal MT and the access node 
AN by selecting and agreeing upon a conwnon encryp- 
tion communication key and only thereafter possibly an 
authentication is performed. 

[0041] Embodiments of tiie mobile terminal MT, 
access node AN and the auttientication device of tiie 
WATM system performing such a function are desaibed 
below with reference to Rg. 3. It shouW be understood 
that Fig. 3 in principle corresponds to Fig. lb, i.e. a plu- 
rality of mobile terminals MT are connected to a wire- 
less ATM system and a wireless secured ATM 
communication connection WCC is to be set up 
between the ixiMle terminals MT and the access node 
AN. 

Embodiment of the mobile terminal fWT/Access 
node AN 

[0042] Hereinafter, ttie functbns performed by the 
mobile terminal MT and the access node AN according 
to the invention as shown in Rg. 3 will be illustrated with 
reference to tiie communication connection setup 
method as shown in Rg. 4. 

[0043] In Rg. 3 tiie ATM mobile terminal MT com- 
prises a setup means MT-SET for setting up a wireless 
ATM radio communication connection WCC to sakl ATM 
access node AN. Likewise, the access AN comprises a 
setup means AN-SET for setting up tiie wireless ATM 
radio communication connection WCC to said ATM 
mobile terminal MT In the mM\e terminal MT and tiie 
access node AN a respective secret communication key 
KC storage means CK-MEM stores a secret communi- 
cation key CK used by sakJ ATM mobile tenninal MT 
and saki ATM access node AL for performing wireless 
ATM communications. After starting the setup proce- 
dure in step SI in Rg. 4, the setup means MT-SET of 
the mobile terminal MT sends a setup request to the 
access node AN by means of a protocol, to setup a 
secure association, i.e. a secured wireless ATM radio 
communication connection WCC to sakJ setup means 
AN-SET of the access node AN. As is seen in Fig. 4, 
there is no autiientication procedure before or after the 
setting up procedure in S2. That is. in step 82 a fully 
operable (i.e. usat)le for data transfer) and ciphered 
wireless ATM radfo comnnunication link is setup which 
uses a secret communication key CK, Q,e. a confidenti- 
ality level or encryption key) which has been agreed 
upon by said ATM mobile terminal MT and saki ATM 
access node AN for performing wireless ATM communi- 
cations. 

[P044] In step S2. a secrete key selection means MT- 
SEL of saki mobile terminal MT can preferably prede- 
fine or select one of a plurality of secret communication 
keys CK stored in the secret communicatbn key storage 
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means CK-MEM within the mobile terminal MT. That is, 
in step S2. the user or the user application can prede- 
fine a desired confidentialrty level on the wireless ATM 
radio communication connection WCC. 
[0045] Rrst, in step S2 a user chosen confidentiality 
le^el can preferably be provided on the radio link by 
means of setting up a secure association between the 
WATM access node AN and the wireless ATM mobile 
terminal without an authentication in the first run. Thus, 
by contrast to the category 1 AKA protocols, the proto- 
col illustrated in fig. 4 does not require the setup of 
shared authentication information between the mobile 
terminal MT and the access node AN prior to comple- 
tion of the protocol. TTie procedure is also applicable to 
category 2 protocols, because there is yet again no 
necessity to setup the seaet shared authentication 
information before setting up the security association 
(i.e. the encryption key). Thus, the procedure in Fig. 4 Is 
intrinsically different to what was described atxive for 
the category 1, category 2 setup protocols, since an 
authentication information agreement is not necessary 
before setting up of the operattle wireless ATM rado 
communication connectfon WCC. 
[0046] After step 32 immediately the real communica- 
tion protocol for information transfer between MT/AN 
can be set up in step S6 whereafter the setup procedure 
domes to an end in step S7. 

Inclusion otf the Authentication Inftonrnation 

[0047] Whilst there is no necessity to perform an 
authentication before the setup of the communication 
channel WCC in Rg. 3, 4, preferably such an authenti- 
cation procedure may be carried out after step S2, as is 
shown in more detail in the flow chart in Rg. 5. 
[0048] To realize this authentication procedure, the 
wireless ATM network WATM (or any interconnected 
non-ATM or ATM fixed network) preferably comprises 
an authentication device SSD conrprising an authenti- 
cation information storage AI-MEM for storing a plurality 
of authentication informations At each corresponding to 
a respective ATM vndbWe terminal MT served by said 
wireless ATM radio communicatfon network WATM. Fur- 
thermore, the device SSD comprises an authentication 
information transmission means TR for issuing an 
authentication infbrhnation Al in response to receiving 
an authentication information rec^est AI-RQST from an 
ATM mobile terminal MT after said ATM wireless radio 
communication connection WCC. has been setup 
between the ATM mobile terminal MT and said ATM 
access node AN. 

[0049] Instead of just exchanging auttientication infor- 
mation between MT and AN, an authentication means 
MT-AN of the mobile terminal MT requests an authenti- 
cation information from the authentication device SSD 
(hereinafter also called a security server) of the WATM 
network (or ttie interconnected fixed network FN) 
through higher layer protocols in step S3. This request 



message is denoted AI-RQST in Rg. 3. In response to 
said request message AI-RQST, the security server 
SSD reads out from ttie memory AI-MEM an authenti- 
cation information corresponding to the mobile terminal 
5 MT requesting such information. It the requesting 
mobile terminal MT is an admitted (sut>scribed) mobile 
terminal MT, ttien the security server SSD should have 
an entry for this mobile terminal MT in the memory AI- 
MEM. 

10 [0050] In response to such a request AI-RQST tiie 
mobile terminal MT is authenticated at the access node 
AN. This can take place either by the security server 
SSD transferring the requested authentication informa- 
tion Al directiy to the access node AN or alternatively 

15 the security server SSD retums tiie authentication infor- 
mation Al to the mobile terminal MT via tiie already 
established secured (ciphered) comnrujnication channel 
WCC. At the mobile terminal the autiienttcation informa- 
tion Al is received in an auttientication information 

20 reception means MT-RM. 

[0051] Having established the secured conrvnunica- 
tion connection WCC between tiie mobWe terminal MT 
and the access node AN authentication information Al 
provkied by an auttientication device SSD focated 

25 within the WATM system or even an Interconnected net- 
work can now be transferred t>ack to the mobile terminal 
MT in a secured or ciphered manner through tiie com- 
munication connection WCC. 
[0052] Then the mobile terminal MT itself performs the 

30 authentication procedure witti the access rxxJe AN by 
transfening the received authentication information Al 
to the access node AN. In txrth scenarios, tiie ATM 
mobile terminal MT is authenticated at the ATM access 
node by means of the transfer of the auttientication 

35 information Al which identifies the ATM mobile terminal 
MT at tiie ATM access node AN. Therefore, if an 
authentication information reception means Al-RM in 
the access node AN receives an auttientication informa- 
tion Al, an authentication means AN-RN in saki ATM 

40 access node AN performs tiie authentication of the ATM 
mobile terminal MT when the received authentication 
information Al is one that klentifies ttie requesting ATM 
mobile terminal MT as an admitted ATM mobile terminal 
MT 

45 [0053] Therefore, no matter where to the authentica- 
tion information transmission means AI-TR of the secu- 
rity server SSD transmits the authentication information 
Al, an authentication procedure can always be per- 
formed successfully in step S5 if the authentication 

50 information Al is one that is recognized by said access 
node AN. That is. an authentication means MT-AN of 
said ATM mobile terminal can send an authentication 
infomnation request message AI-RQST in step S3 in 
Rg. 5 to the network auttientk:ation device SSD and an 

55 authentication information reception means MT-RM 
receives that authentication information Al from said 
network authentication device SSD in response to the 
request message. Attematively. the access node 
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authentication means AN-AM performs the authentica- 
tion on the basis of authentication information received 
from the security server directty. 
[C054I Preferably, after the access node AN has final- 
ized the setup of the wireless communication connec- 5 
tion WCC to said mobile terminal MT. a timer TMR in 
said access node AN can be set in step S2 in Rg. 5. 
Preferat)ly, the timer TfAH in AN sets a predetemnined 
time period in which an authentication Information 
reception by AI-RM in AN is expected. Therefore, inde- io 
pendentiy as to whether the authentication infornration 
Al is transmitted by tiie security server SSD or the 
mobile terminal MT itself, in step S4 a determination is 
made by the timer TMR in AN as to whether or not the 
authentic information Al has been received in a prede- is 
termined time period. If it has been received. T* in step 
S4 in Fig. 5, then the normal auttienticatlon procedure 
can be performed in step S5. If "N" in step S4. then the 
timer TMR in AN waiting for the input of the authentica- 
tion information from MT (directiy or through SSD) runs 20 
out In this case, the previously settp wireless ATM 
communication connection WCC is closed in step S8 by 
an inten-upt means INT in AN . 
[0055] Preferably, an identity memory ID-MEM stores 
an identity information 11. MAC of the ATM mobile termi- 25 
nal MT whose communication connection WCC has 
been released (closed). The identity information can for 
example be the MAC address of the requesting mobWe 
terminal MT (MAC: Mobile Access Code). 
[0056] Furthernwre. if ttie access node AN recognizes 30 
tfiat the mobile terminal MT presentiy requesting an 
authentication has already previously been trying to 
setup a communication to the access node AN. also the 
number of retries MTr can be compared witii a nnaxi- 
mum number of retries N in step S10. If the same 35 
nrK)bile terminal MT has requested an authentication 
more tiian N times, then an access node inhit>ition 
means AN-INBT will completely inhibit or reject any fur- 
ther setup requests from this nrK)bile terminal MT in step 
S1 1 . whereafter the procedure comes to an erxJ in step 40 
SI 2. 

[0057] TTie interrupt means INT in the ATM access 
node AN is responsiljle for closing an already set Lg> 
secure wireless radio communication WCC. if said 
authentication information reception means AI-RM does 45 
nor receive the autherrtication irrformation from MT 
within the predetermined time period as is determined 
by the timer TRM in AN. If "N" in step SIO. the proce- 
dure goes back to step S2 to allow the setup of a com- 
munication connection WCC again in step S2. so 
[0058] Preferably, also the ATM nfX)bile terminal MT 
comprises a timer TMR and if after said sending of said 
auttientication information request message AI-RQST 
an authentication information Al is not received from 
said network auttientication device or security server ss 
SSD witiiin a predetermined period, an interrupt means 
MT-IM of sakj ATM mobile terminal MT will dose the 
setup wireless ATM radio communication networks 



WCC itself. The reason is, that at this point it can hardly 
be expected that the security service SSD of the WATM 
system will return an autiientk;ation information Al. i.e. 
that it is hardly likely that the mobile terminal MT has 
really a valid subscription for setting up communication 
connections in the WATM communicatbn system. 
[0059] Preferably, the ATM mobile temriinal MT also 
comprises an automatic repetition means MT AUTO for 
automatically repeating a setup attempt after a prede- 
termined time inten/al. That is, even before the security 
server SSD returns a negative response, i.e. tiiat no 
autiientication information can be found in the memory 
AI-MEM for the presentiy calling mobile calling MT, the 
nx)bile terminal MT can automatically again request the 
setup of a communication connection WCC to said 
access node AN. 

[0060] If the nfK3bile terminal MT has performed a pre- 
detemnined nurrber of repetitive setup requests, as 
counted by a counter MT-CNT, then an inhibitbn means 
MT-INHB of tiie mobile tenninal MT inhibits any further 
setup requests after a predetermined number N of 
attempts. 

[0061] Therefore, not only the access node AN can 
reject further setup requests by the same mobile termi- 
nal MT but also the mobile terminal MT itself may 
deckJe and recognize that in fact ttie security server 
SSD has no information stored whatsoever that would 
indicate tiiat tiie presentiy calling mobile terminal MT is 
one that has been registered for wireless ATM connec- 
tions to said access node AN. 
[0062] Therefore, the above novel protocol can be 
summarized as folfows (see also Rg. 5): 

S2: Setup a secure association (a secured com- 
municatfon connection WCC) between the 
rndbWe terminal MT and the access node AN 
witiiout any authentication procedure; start a 
timer TMR in the access node; 

S3/S4: If tiie nfx>bile terminal MT gets secret shared 
auttientication within the predetermined time 
period through the ciphered communication 
channel WCC then the auttientication takes 
place. If not. ttie access node interrupt 
means INT interrupts or closes the already 
setup communication connection WCC in 
step S8. 

S5: Eittier the rnobWe terminal MT auttienticates 
itself at the access node AN or the security 
server authentication devk;e SSD auttienti- 
cates the mobile terminal at ttie access node 
AN. If there is no time out by the timer TMR 
in ttie access node AN or the timer TMR in 
the mobile terminal MT. the general commu- 
nication protocol for information transfer is 
set up between MT and AN in step S6. 



15 



EP0939571 A1 



16 



Industrial Appllcablltiv 

[0063] As explained above a secure setup of a com- 
munication connection between MT and AN is estab- 
lished even if no authentication can be performed in the s 
first run as explained with reference to Rg. 4. Authenti- 
cation is performed aftenwafds eittier between MT and 
AN or between the authentication device SSD and AN. 
This is useful for example in a wireless ATM mM\e ter- 
minal without hardware support for storing authentica- io 
tion information (e.g. a SIM card). 
[0064] By the provision of the communication key 
menrKxy CK-MEM. tiie operator of the nrK)bile terminal 
MT or in fact the user application itsetf can establish a 
user-chosen confidentiality level without folfowing 75 
authentication, e.g. to allow access of mobile terminals 
MT to networks in semi-put)lic areas (e.g. airports). 
Rrst for example a user-application like a program run- 
ning on a LAPTOP can - without a hardware support for 
storing authentk;ation information like a SIM card - 20 
request an authentication information from a security 
server SSD and if a registration of such an autiientica- 
tion information has been previously performed in the 
menfKxy AI-MEM of the security server SSD, than an 
access of the mobile terminal MT to the network is 25 
granted. 

[0065] Furthermore, it shouM be noted ttiat the 
authentication device SSD does not necessarily have to 
be a part of the WATM system. It can also be a part of 
the interconnected ATM fixed network which is shown in 30 
Rg. 2. However, confidentiality of user data on the ATM 
wireless radio connection WCC can be guaranteed, 
even if tiie fixed network is only involved after the setup 
of the security association, for example if tine authenti- 
cation information is recpiested from a security server 35 
SSD of the fixed network and is then - in a secure 
ciphered manner - transfered back to the nrK)bile termi- 
nal through the secured communication channel. 
[0066] Thus, a security service SSD for WATM sys- 
tems can be implemented, that can be used in a non- 40 
ATM fixed network environment, i.e. if ATM calls are 
only used on ttie wireless radio link in the WATM sys- 
tem, whilst an ordinary digital transmission is used in 
the fixed network. Again, since the confidentiality is 
ensured on the wireless communication connection 45 
WCC, the auttientication infamation can be requested 
and supplied by any security server SSD which is 
located even in tiie fixed network environment. This 
means that the transfer off the authenticatfon information 
takes place along a wireless ATM convnunication con- so 
nection which is already secured by the agreed selected 
secret ciphering key CR. 

[0067] However, the inventive method, authentication 
device, mobile terminal and the access node can also 
be used in cases, wrhere an ATM based fixed network ss 
implements security services on top of the ATM layer. 
TTiis means, if the fixed network system is also an ATM- 
based fixed networK first the communication channel 



WCC with its confidentiality level is setup between ttie 
mobile terminal MT and the access node AN of the wire- 
less ATM system (or in fact to an access node AN of the 
ATM-based fixed network) and thereafter the (secured) 
authentication information exchange is performed. For 
requesting and receiving the authentication information 
from a security sender SSD of the ATM-t>ased fixed net- 
work, a separate signaling channel from the access 
node AN of the WATM system to the access node AN of 
tiie ATM-based fixed network is preferably used. 
[0068] The present invention provides confidentiality 
in different wireless ATM systems which are adapted for 
private and/or business and/or pi^ic environments or 
even mixed environments. Since the communication 
channel WCC is setup before a possible authentication 
procedure, there is provided the major advantage that 
security mechanisms within the WATM system or even 
security mechanisms from possibly interconnected 
fixed networks (non-ATM or ATM) can be accessed 
through the secured link WCC or can even be com- 
bined, in order to ttuild a security architecture tiiat offers 
much higher security level. Since the mobile terminal 
MT has access to the security factions located else- 
where in an interconnected networK a security architec- 
ture can t>e built which is more flexible and which can 
offer a much higher security level. 
[0069] Whilst the invention has been desaibed with 
reference to its ennbodiments and the drawings to illus- 
trate what is currentiy considered as the best nrxxle of 
the invention, it is dear, that various modifications arxi 
variations will be possible for those skilled in the art in 
view of the above technical teachings. Therefore, the 
invention is hot restricted to the present description and 
the scope of the invention is defined by tiie attached 
claims. In these claims, reference numerals only serve 
clarification purposes and to not linnit the scope of the 
invention. In the drawings the same or similar reference 
numerals designate the same or sinnilar parts or steps. 

Claims 

1. A metiiod for setting up a secured communication 
between an ATM mobile terminal (MT) and an ATM 
access node (AfsQ of a wireless ATM radio commu- 
nication network (WATM). comprising the step of 
setting up (S2) a wireless ATM radio communica- 
tion connection (WCC) between said ATM mobile 
terminal (MT) and said ATM access node (ATM) with- 
out performing (ST2, ST3) an authentication infor- 
mation checking procedure therebefore, wherein an 
information exchange on sakl wireless ATM radio 
communication connnection (WCC) is performed 
by using a seaet communication key (CK) agreed 
Mpon by said ATM access node (AN) and said ATM 
nrK)bile terminal (MT). 

2. A method according to claim 1 . 
characterized iri that 
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after said setting i4> of said wireless ATM radio 
communication connection (WCC) between said 
ATM mobile terminal (MT) and said ATM access 
node (AN) is completed (S2), said ATM mobile ter- 
minal (MT^ is authenticated (S3, 85; S4, SB) at said s 
ATM access node (AN) by transferring authentica- 
ton information (Al) identifying said ATM mobile ter- 
minal (MT) to said ATM access node (AN). 

3. A method according to claim 2, w 
characterized In that 

said ATM nrK>bile temninal (MT) sends an authenti- 
cation information request message (AI-RQST. S3) 
to a network authentication device (BSD) provided 
by said wireles ATM communication network 75 
(WATM) or by a further interconnected network 
(FN). 

4. A method according to daim 3. 

characterbed In that 20 
said authentication infornDation (Al) is transferred 
(S4) to said ATM mobile temninal (MT) in response 
to said request message (AI-RQST) and said ATM 
wdbWe terminal (MT) performs an authentication 
procedure at said ATM access node (AN) using 25 
said transferred authentication information (Al). 

5. A method according to daim 3, 
characterized In that 

in response to said request meassage (AI-RQST). 30 
said network authentication device (SSD) of said 
wireless ATM communication network (WATM) per- 
forms (S5) an authentication procedure for said 
ATM mdbWe terminal (MT) at said ATM access node 
(AN) using said requested authentication informa- 35 
tion (Al). 

6. A method according to daim 2, 
characterized in that 

after said secure wireless ATM radio commnunica- 40 
tion connection (WCC) has been set up (82). a 
timer fTMR) in said ATM access node (AN) is 
started and said already setip wireless ATM radio 
commmunication connection (WCC) is closed by 
said ATM access node (AfM) if said ATM access 4S 
node (AN) does not receive an authentication infor- 
mation (Al) for said ATM mobile terminal (MT) 
within a predetermined time period (S8). 

7. A method according to daim 6. so 
characterized in that 

identity information (II. MAC)) of said ATM nriobile 
terminal (MT) and the number of authentication 
retries (MTr) is stored (ID-MEM) in said ATM access 
node (AN) if said ATM access node (AN) does not ss 
receive said auttientication information (Al) withiin 
said predetermined time period (89). 



8. A nnettiod according to claim 7. 
characterized In that 

when said number of authentication retries (MTr) 
exceeds (S10) a predetermined number (N). further 
requests by said ATM mobile terminal (MT) to set 
up a wireless ATM radio communication connection 
(WCC) between said ATM mobile terminal (MT) and 
said ATM access node (AN) are rejected (81 1) by 
said ATM access node (AN). 

9. A metiiod according to claim 1 . 
characterized in that 

said secret communication key (CK) is selected by 
said ATM nDobile terminal (MT) during the setting up 
of the wireless ATM radio communication connec- 
tion (WCC). 

1 0. A mettiod according to claim 1 . 
characterized In that 

to said wireless ATM radio communication network 
(WATM) access node (ATM) is connected a non-ATM 
fixed network (FN) providing functions and services 
to a plurality of fixed network subsaibers (88), 
wherein said ATM nrK3blle terminal (MT) accesses 
said functions and services via said secured wire- 
less ATM radfo communication connection setup 
t)etween said ATM mobile temiinal (MT) and said 
; ATM access node (AN). 

11. An authentication device (SSD), in particular for a 
wireless ATM radio communication network 
(WATM), comprising: 

a) an authentication information storage means 
(AI-MEM) for storing a plurality of authentica- 
tion informations (Al) each corresponding to a 
respective ATM mobile terminal (MT) served by 
a wireless ATM radio conrvnunication network 
(WATM); and 

b) an authentication information transmisssion 
means (TR) for issuing an authentication infor- 
mation (Al) in reponse to receiving an authenti- 
cation infomnation request (AI-RQST) from an 
ATM rniM\e terminal (MT) after a ATM wireless 
radio communication connection (WCC) has 
been setip between said requesting ATM 
mobile terminal (MT) and said ATM access 
node (AN) using a secret communication key 
(CK) agreed upon by said ATM access node 
(Afsl) and said ATM mcbWe terminal (MT). 

1 Z A device according to claim 1 1 . 
characterized in that 

said transmission means (AI-TR) is adapted to 
transfer said authentication information (Al) back to 
said requesting ATM mobile terminal (MT). 
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1 3. A device according to claim 1 1 , 
chairacterized in that 

said transmission means (Al-TR) is adapted to 
transfer said authentication information (A!) to said 
AT^ access node (AN) to perform an authentica- 5 
tion procedure for said ATM rTK>bile terminal at said 
AT^ access node (AN). 

14. A device according to claim 1 1 , 

characterlzBd In that 10 
to said wireless ATM radio communication network 
(WATM) access node (AN) is connected a non-ATM 
fixed network (FN) providing functions and services 
to a plurality of fixed network subscribers (SS), 
wfieirein said ATM rnobWe terminal (MT) access said is 
functions and services via said secured wireless 
ATM radio communication link setup between said 
ATM mobile terminal and said ATM access node 
(AN^. 

20 

15. An ATM access node (AN) of a wireless ATM com- 
munication network (WATM) for setting up a 
secured wireless ATM communication connection 
(WGC) to an ATM mobile terminal (MT), said ATM 
access node (AN) comprising: 25 

a) a setup means (AN-SET) for setting up (S2) 
a wireless ATM racfio communication connec- 
tion (WCC) to said ATM mobile terminal (MT) 
without performing (ST2, STB) an authentica- 30 
tion information checking procedure tiierebe- 
fore; 

b) a secret communication k^ (CK) storage 
means (CK-MEM) for storing a secret commu- 35 
nication key (CK) used by said ATM nfX)bile ter- 
minal (MT) and said ATM access node (AN) for 
performing wireless ATM communications. 

1 6. An ATM access node (AN) according to daim 15, 40 
characterized by 

an authentication means (AN-AM) for authenticat- 
ing said ATM mobile terminal (MT) at said access 
node (AN) when an authentication information 
reception means (AI-RM) receives authenticaton 45 
information (Al) identifying said ATM rTK>bile termi- 
nal (MT). 

17. An ATM access node (AN) according to daim 16, 
characterized in that so 
said authentication information reception means 
(AI-RM) receives said authentication information 
(Al) from said ATM nx)bile terminal (MT). 



18. An ATM access node (AN) according to daim 16, 
characterized in that 

said authentication information reception means 
(AI-RM) receives said autiientication information 
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(Al) from a network authentification device (SSD) 
separately provided by said wireless ATM radio 
communication network (WATM) or by a further or 
interconnected network (FN). 

19. An ATM access node (AN) according to daim 16, 
characterized in that 

said ATM access node (AN) corrprises a timer 
(TMR). which is started after said wireless ATM 
communication connection (WCC) between said 
access node (AN) and said ATM wdbWe terminal 
(MT) has been setup by said setup means (AN- 
SET). 

20. An ATM access node (AN) according to daim 19, 
characterized in that 

said ATM access node (AN) comprises an interrupt 
means (IMT) for cbsing an already setup secured 
wireless radio commmunication connection (WCC) 
if said authentication information reception means 
(AI-RM) does not receive an authentication infor- 
mation for saki ATM mobile terminal (MT) witiiin a 
predetermined time period (S8) as determined by 
said timer fTMR). 

21 . An ATM access node (AN) according to daim 20, 
characterized in that 

identity information (II, MAC)) of said ATM nrtobile 
terminal (MT) and the number of authentication 
retires (MTr) is stored in an identity nr^emory (ID- 
MEM) in said ATM access node (AN) if said authen- 
tication information reception means (AI-RM) does 
rK3t receive said autiientication information (Al) 
witiiin saki predetermined time period (S9). 

22. An ATM access node (AN) according to daim 21 , 
characterized in that 

when said number of authentication retries (MTr) 
exceeds (S10) a predetermined number (N), an 
inhibiting means (AN-INBT) of said ATM access 
node (ATnI) inhibits further requests by said ATM 
mobile terminal (MT) to set up a wireless ATM radio 
convnunication connection (WCC) between said 
ATM mobile terminal (MT) and said ATM access 
node (AN). 

23. An ATM access node (AN) according to daim 15, 
characterized in that 

to said ATM access node (AN) is connected a non- 
ATM fixed network (FN) provkiing functions and 
services to a plurality of fixed network subscrbers 
(SS), wherein said ATM mobile terminal (MT) 
accesses said functions and services via said wire- 
less ATM radio communication link setup k>etween 
said ATM mobile terminal and said ATM access 
node (AN). 

24. An ATM rmcbWe terminal (MT) for setting up a 
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secured communication (WCC) to an ATM access 
node (AN) of a wireless ATM communication net- 
work (WATM). comprising: 

a) a setup means (MT-SET) for setting up (S2) s 
a wireless ATM radio communication connec- 
tion (WCC) to said ATM access node (AN) with- 
out performing (ST2, ST3) an authentication 
information checking procedure tiierebefore; 

10 

b) a secret communication key storage means 
(CK-MEM) for storing a secret communication 
key (CK) used by said ATM mobile terminal 
(MT) and said ATM access node (AN) for per- 
forming wireless ATM communications. is 

25. An ATM mobile terminal (MT) according to claim 
24, 

characterized in that 

an auttientication means (MT-AM) of said ATM 20 
mobile terminal (MT) sends an authentication infor- 
mation request message (AI-RQST; S3) to a net- 
work authentication de^ce (SSD) provided by said 
wireles ATM communication network (WATM) or an 
interconnected fixed network (FN). 2s 

26. An ATM nDobile terminal (MT) according to daim 
25. 

characterized in that 

an authentication information recepetion means 30 
(MT-RM) receives said autfientication information 
(Al) from said network authentication device (SSD) 
in response to said request message (AI-RQST). 

27. An ATM nfX)bile terminal (MT) according to claim 35 
26. 

Characterized in that 

said authentication means (MT-AM) transfers said 
received autiientication information (Al) to sakJ 
ATM access node (AN). 40 

28. An ATM nfK>bile terminal (MT) according to daim 25 
and 26, characterized in that 

said ATM mobile terminal (MT) comprises a timer 
(TMR) and if after said sending of said authentica- 45 
tion infamation request message (AI-RQST) an 
authentication information (Al) is not received from 
said network autiientication device (SSD). an inter- 
rupt means (MT-IM) of said ATM mobile terminal 
(MT) closes said setup wireless ATM radio commu- so 
nication connection (WCC) between said mobWe 
terminal (MT) and said ATM access node (AhJ) 

29. An ATM mobile terminal (MT) according to daim 

25, 55 
characterized in that 

said ATM nrK)bile terminal (MT) conrprises an auto- 
rnaWc repetition means (MT-AUTO) for automati- 



71 Al 22 

cally repeating a seti^D attempt after a 
predetermined time intervall. 

30. An ATM wdbWe terminal (MT) according to daim 
29, 

characterized In that 

said ATM mobile terminal (MT) comprises a counter 
(MT-CNT) which counts the number of repetitive 
attempts to setup a connection by said setup 
means (MT-SET), wherein an inhibition means (MT- 
INHB) inhibits further setup requests after a prede- 
termined number (N) of attempts. 

31. An ATM mobile temntnal (MT) according to daim 
24, 

charact&'aed by 

a secret key selection means (MT-SEL) for select- 
ing a seaet key (CK) used for the wireless ATM 
communication connection (WCC). 

32. An ATM wireless communication network (WATM). 
comprising at least one ATM nx>bile terminal (MT) 
according to one or more of claims 24-31, at least 
one ATM access node (AN) according to one or 
nfwre of daims 15-23 and an exchange means (EX) 
for setting up ATM wireless radio commundcation 
connections (WCC) between said at least one 
nfX)bite terminal (MT) and said at least one ATM 
access node (AN). 

33. An ATM wireless communication network (WATM) 
according to claim 32. characterized in that 

to said wireless ATM radio comnrunication network 
(WATM) is connected a non-ATM fixed network 
(FN) providing functions and services to a plurality 
of fixed network sut>scribers (SS), wherein said 
ATM nx)bile terminal (MT) accesses said functions 
arxJ services via said wireless ATM radio comnrujni- 
cation connection (WCC) setup between said ATM 
mobile terminal (MT) and said ATM access node 
(AN). 

34. A mettiod according to daim 4. 

characterized in that said authentication informa- 
tion (Al) is transfen-ed back to said mobile terminal 
(MT) tiirough said setup secured communication 
connedion (WCC). 

35. A device according to claim 1 2, 
characterized in that said transmission means (TR) 
transfers back said authentication information to 
said PDobile ternunal (MT) tiirough said setup 
secured convnunication connection (WCC). 

36. An access node (AfsQ according to daim 16. 
characterized in that a transmission means (TR) of 
said access node (AN) transfers back said authen- 
tication information to sad mobile terminal (MT) 
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through said setup secured communication con- 
nection (WCC). 

37. An ATM mobile terminal (MT) according to claim 
26. 

characterized in that said authentication informa- 
tion reception means (MT-RM) receives said 
authentication information (Al) through said setup 
secured communication connection (WCC) setup 
between said access node (AN) and said ATM 
mobile terminal (MT). 

38. An ATM mobile terminal (MT) according to claim 27 
characterized in that said authentication means 
(MT-AM) transfers said authentication information is 
(AO through said secured communication connec- 
tbn (WCC) setup between said access node (AN) 
and said ATM mobile terminal (MT) to said access 
node (AN). 
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